Critical WhatsUp Gold Vulnerabilities Demand Immediate Action

by do son · September 26, 2024

In a recent security bulletin, Progress Software has announced the discovery of six critical vulnerabilities affecting its popular network monitoring application, WhatsUp Gold. Organizations worldwide rely on WhatsUp Gold to track the uptime and availability of servers and the services running on them. However, these newly identified vulnerabilities pose significant risks, potentially allowing unauthorized access and control over network infrastructure.

The six vulnerabilities affect all versions of WhatsUp Gold below 24.0.1. They have been assigned the following Common Vulnerabilities and Exposures (CVE) identifiers and severity scores:

CVE-2024-46909: CVSS 9.8
CVE-2024-8785: CVSS 9.8
CVE-2024-46908: CVSS 8.8
CVE-2024-46907: CVSS 8.8
CVE-2024-46906: CVSS 8.8
CVE-2024-46905: CVSS 8.8

While detailed information about these vulnerabilities is currently restricted to prevent exploitation, their high severity scores indicate that they could allow attackers to execute remote code, gain unauthorized access, or disrupt network services.

This isn’t the first time WhatsUp Gold has been in the security spotlight. Recently disclosed vulnerabilities, such as CVE-2024-4885—a critical unauthenticated remote code execution flaw impacting versions 23.1.2 and older—have already been exploited in the wild. Additionally, two SQL injection vulnerabilities, CVE-2024-6670 and CVE-2024-6671, have been used by hackers since August 30 to retrieve encrypted passwords without authentication.

These incidents underscore the urgency for organizations to address the newly discovered vulnerabilities promptly.

Progress Software is proactively reaching out to all WhatsUp Gold customers, urging them to upgrade their environments to the newly released version 24.0.1, which addresses all six vulnerabilities.